CVE-2015-8980
Published 2019-11-04
CVE-2015-8980: The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
Priority P2 · 60 · critical · 9.8 · CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 6.71% (percentile 93.1)
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php-gettext | < php-gettext 1.0.12-0.1 (bookworm) | php-gettext 1.0.12-0.1 (bookworm) |
| debian | phpmyadmin | < php-gettext 1.0.12-0.1 (bookworm) | php-gettext 1.0.12-0.1 (bookworm) |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| php-gettext_project | php-gettext | < 1.0.12 | 1.0.12 |
| php-gettext_project | php-gettext | — | — |
| php-gettext_project | php-gettext | >= 0 < 1.0.12-0.1 | 1.0.12-0.1 |
| php-gettext_project | php-gettext | >= 0 < 1.0.12-0.1 | 1.0.12-0.1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-1 | 4:4.6.6-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-1 | 4:4.6.6-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-1 | 4:4.6.6-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-1 | 4:4.6.6-1 |
| redhat | enterprise_linux | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered when an unsanitized user-supplied numeric value is passed as the count parameter to the ngettext family of calls (ngettext, npgettext, select_string), allowing arbitrary code execution via the plural form formula evaluation.
- Monitor for exploitation attempts targeting the select_string, ngettext, and npgettext functions in php-gettext versions before 1.0.12.
- The vulnerability only affects php-gettext (php-php-gettext) versions prior to 1.0.12; version 1.0.12 resolves the issue across all tracked distributions (Fedora, EPEL, Debian).
CVSS provenance
- NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
- OSV: 9.8 CRITICAL
- vendor_debian: 9.8 CRITICAL
GHSA
GHSA-gxcv-w2wp-7xvm (ghsa_unreviewed · 2022-05-24) · CVE-2015-8980 [CRITICAL] · CWE-20
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
OSV
CVE-2015-8980 (osv · 2019-11-04 · CVSS 9.8) [CRITICAL]
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
Ubuntu
Gettext vulnerability (vendor_ubuntu · 2021-03-15) · CVE-2015-8980
Summary: Gettext could be made to crash or run programs if it received specially crafted input.
Danilo Segan discovered that Gettext mishandled certain input. An attacker could use this vulnerability to execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2015-8980: php-gettext (vendor_debian · 2015 · CVSS 9.8) [CRITICAL]
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
Scope: local
bookworm: resolved (fixed in 1.0.12-0.1)
bullseye: resolved (fixed in 1.0.12-0.1)
sid: resolved (fixed in 1.0.12-0.1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8980 php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter [fedora-all] (bugzilla · 2016-08-16 · CVSS 9.8) [CRITICAL]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: th
Bugzilla
CVE-2015-8980 php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter (bugzilla · 2016-08-16 · CVSS 9.8) [CRITICAL]
A code injection vulnerability was found in php-gettext. Evaluating the plural form formula in the ngettext family of calls can execute arbitrary code if the number is passed unsanitized from an untrusted user.
References:
http://seclists.org/fulldisclosure/2016/Aug/76
Discussion:
Created php53-php-gettext tracking bugs for this issue:
Affects: epel-5 [bug 1367465]
---
Created php-php-gettext tracking bugs for this issue:
Affects: fedora-all [bug 1367463]
Affects: epel-all [bug 1367464]
---
CVE assignment:
http://seclists.org/oss-sec/2017/q1/128
---
Bugzilla
CVE-2015-8980 php53-php-gettext: php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter [epel-5] (bugzilla · 2016-08-16 · CVSS 9.8) [CRITICAL]
Bugzilla
CVE-2015-8980 php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter [epel-all] (bugzilla · 2016-08-16 · CVSS 9.8) [CRITICAL]
References
- http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html
- http://seclists.org/fulldisclosure/2016/Aug/76
- http://www.openwall.com/lists/oss-security/2017/01/18/4
- http://www.securityfocus.com/bid/95754
- https://bugzilla.redhat.com/show_bug.cgi?id=1367462
- https://launchpad.net/php-gettext/trunk/1.0.12
- https://lwn.net/Alerts/708838/